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(54) Title: ONLINE ELECTION SYSTEM 

(57) Abstract 

An online election system (10) has a data- 
base of registered voters (16). A voter accessing 
the election system (10) through a host server 
(12) and user interface (13, 14) verifies them- 
selves by providing security information such as 
a unique identifier and password. The voter 
is then presented with a list of candidates and 
is prompted to indicate their vote which is then 
submitted to the server (12). Confidentiality of 
a vote is ensured because all voter identification 
is removed from the vote when the vote is re- 
ceived at the host server (12) and before the vote 
is stored and tallied. The privacy of the vote is 
further enhanced by encrypting communications 
between the host server (12) and the user inter- 
face (13, 14). 
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ONLINE ELECTION SYSTEM 
BACKGROUND OF THE INVENTION 

This invention relates to a system for conducting an election using a computer 
network. 

Elections are used to select representatives in many situations for example members of 
parliament or congress, local council members and members of a board of directors. 
Elections can however place a large burden on resources, financial, human, time etc, 
and can be inconvenient to the electorate if voters have to disrupt their normal routines 
or go out of their way to participate. In elections where voting is not compulsory, this 
inconvenience can lead to voter apathy and low voter participation rates. The present 
invention seeks to provide a system for conducting an election at greater convenience 
to voters and at lower cost to administrators. 

SUMMARY OF THE INVENTION 

The invention resides in an online election system including a computer network 
having a host server and a plurality of user interfaces, said system further including:- 
a registered voter database accessible by said host server and containing voter 
identification records for a plurality of registered voters; 
a voter verification system including means to receive personal identification 
information provided by a user at a user interface and means to determine if said user 
is a registered voter by matching said personal information provided by said user to a 
record contained in said registered voter database; 

means to display at a user interface election information including a list of election 
candidates; 

means by which a registered voter can indicate their vote at the user interface; 
means by which a registered voter can submit their vote from the user interface to the 
host server, 

means to prevent a registered voter from submitting more than one vote; 
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means for tallying a plurality of votes submitted by a plurality of registered voters; 
wherein when a vote is received at the host server all voter identification is removed 
from the vote, the vote is passed to the means for tallying and the registered voter who 
submitted the vote is flagged as having voted. 

5 

In a second aspect, the invention resides in an online election system including a 
computer network having a host server and a plurality of user interfaces, said system 
further including:- 

a registered voter database accessible by said host server and containing voter 

1 0 identification records for a plurality of registered voters; 

a voter verification system including means to receive personal identification 
information provided by a user at a user interface and means to determine if said user 
is a registered voter by matching said personal information provided by said user to a 
record contained in said registered voter database; 

15 means to display at a user interface election information including a list of election 
candidates; 

means by which a registered voter can indicate their vote at the user interface; 
means by which a registered voter can submit their vote from the user interface to the 
host server; 

20 means to prevent a registered voter from submitting more than one vote; 

means for tallying a plurality of votes submitted by a plurality of registered voters; 
wherein said system stores submitted votes independently of said voter records such 
that a voter cannot be correlated to their respective vote. 



25 Preferably communications between the host server and the user interfaces are 
encrypted 

Preferably the list of candidates displayed at a user interface is determined from one or 
more details contained in a registered voter's record. 

30 



BRIEF DESCRIPTION OF THE DRAWINGS 



WO 00/62257 



3 



PCT/AUOO/00307 



The invention will now be described by way of preferred embodiments intended as 
non-limiting examples only, and with reference to the accompanying Fig 1 which 
shows a schematic view of a system according to the invention. 

5 DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS 

Shown schematically in Fig 1 is an online election system 10. The focal point of the 
system 10 is a host server 12. The host server 12 runs an internet based server 
application that can be accessed through web-enabled user browsers 13, 14. 

10 

The host server 12 performs routine server functions and is the interface into multiple 
data sources 15, 16, 17, 18 storing the infonnation served out to the end user. The 
data sources include a general database 15, a registered voter database 16, an electoral 
database 17 and a registered vote database 18, the function of each which will be 
1 5 described individually below. The databases may be of any proprietary relational 
database type such as the Oracle ®, Microsoft SQL™ or Sybase ® databases. 

The general database 15 stores information generic to the on-line election system, 
such as how to vote infonnation, election rules, voter-registration forms, candidate 
20 information etc. The infonnation stored in this database is of low security 

requirements and can be easily maintained and up-dated without disruption to the 
other databases. 

The registered voter database 16 stores details of registered voters in a defined 
25 schema. The schema includes fields for a voter's unique identifier, name; contact 
details including address and electronic mail address; Personal Identification Number 
(PIN), password or pass phrase; and vote status. The vote status field is used to 
indicate whether the voter has submitted a valid vote for a particular election and may 
consist of a simple value eg. 0 indicating a voter hasn't voted, 1 indicating that they 
30 have. Of course the schema may include other fields, for example containing 

additional security or verification information. The exact nature of the schema will 
depend on the type of election being conducted. For wide scale government elections 
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for example, the address fields are important for identifying the electorate that the 
registered voter belongs to. For smaller scale elections, eg within an organisation, the 
address fields may not be important, and instead the schema may store for example a 
voter's membership number for the organisation, which may also form the unique 
5 identifier for that voter 

The electoral database 17 stores information specific to the election being conducted 
such as ballot forms containing a list of candidates. Where there is more than one list 
of candidates for an election, the electoral database may also contain look-up tables 
10 for determining the appropriate list of candidates to be provided to a voter. If the 

appropriate candidate list is dependant upon one or more details of a registered voter, 
the look-up tables may equate fields of voter records with candidate lists. 

For example, the list of candidates required by a registered voter may be dependent on 
1 5 the electorate of the voter. The voter's electorate may be stored in a field in their 
respective record in the registered voter database 16, in which case the electoral 
database 17 will contain a look-up table matching an electorate with a list of 
candidates for that electorate. 

20 Alternatively, the electorate may be determined fern the address field of a registered 
voter's record in which case the electoral database 17 will contain two look-up tables, 
the first matching addresses or postcodes with electorates, the second matching 
electorates with candidate lists. It is possible that one look-up table matching 
addresses or postcodes with candidate lists be used, however this latter method is not 
25 preferred where the databases are to be re-used for subsequent elections, as it requires 
more intensive maintenance when a list of candidates for an electorate is changed. 
For a similar reason, it is preferred that a voter's electorate is determined from their 
address or postcode rather than being stored directly in the voter records, as changes 
to the electorate boundaries are more easily accommodated. 

30 

The fourth database shown at 18 in Fig 1 is a registered vote database which stores 
and tallies all validly submitted votes. The registered vote database 18 preferably 
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contains divisions to facilitate the accurate tallying and reporting of the vote. For 
example, the vote database may be divided into electorates and the votes may be 
stored according to the electorate to which they relate. Each division may then be 
tallied independently to achieve a result for that electorate. Divisions in the vote 
5 database assist the speed at which the vote may be tallied and also reduces the storage 
requirement of the database because, for example, the electorate to which a vote 
belongs does not have to be stored for each vote. 

To establish the registered voter database 16, the system according to the invention 
10 includes a registration system. Prior to an election, a user may access the host server 
12 through a user interface 13, 14 to retrieve an electronic registration form from the 
general database 15. The user provides the requested information such as name, 
address and other personal details for example drivers licence number, credit card 
number etc. and submits it electronically in a known manner to the host server 12. 
15 The information is then retrieved at the host, and a new record is created in the 
registered voter database for the user based on the details provided. The task of 
retrieving a user's details and creating a new record may be performed manually by an 
operator with authorised access to the registered voter database 15, or may be 
performed automatically through a software application run by the host server. To 
20 facilitate automation of the registration process, the host server 12 may be further 
linked to the databases of other institutions for the purpose of searching those 
databases and verifying security details provided by a user such as credit card 
numbers, passport numbers, driver's licence numbers and the like. 

25 Once the voter database is established, it can be re-used for any number of elections. 
It will of course be necessary to clear the vote status fields of all voter records once an 
election is completed and the host server contains an appropriate software application 
for performing this task. 

30 After a voter record has been created, and all the details provided by the user have 
been verified, the user then becomes registered as a voter and is issued with a unique 
identifier assigned by the host server, and other security information such as a 
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Personal Identification Number (PIN), password or passphrase which may have been 
chosen by the user when submitting their registration form. The identifier and 
security details form part of the voter's record in the registered voter database 16. 

5 The unique identifier provides a registered voter with a means of identifying 

themselves to the host and can be implemented in a variety of ways depending on the 
security requirements of the election administrator and the method of registering 
voters. In a most preferred form, upon registration a voter is issued with a uniquely 
encoded smart card and personal identification number. Identification to the host 

10 during an election then requires a card reader attached to the user browser. At present 
these are available at some office computers and can be provided at specialised online 
polling booths, but it is anticipated that smart card readers for facilitating on-line 
transactions will be a part of standard personal computer hardware in the near future, 
thus the voter's own personal computer will be suitable. 

15 

In a simpler form, the registered voter may be issued with a unique identifier which 
may simply be a number issued sequentially by the host server to sequentially 
registered voters, that the voter manually enters at the user interface in order to 
identify themselves to the host server. 

20 

When an election is held, all registered voters may submit their vote using the on-line 
election system of the present invention. To submit their vote, a user first accesses the 
host server 12 through a user browser 13, 14. The host server displays a generic 
election page from the general database 15 onto the user browser and prompts the user 
25 to provide the voter's registration details. The voter identifies themselves to the host 
by providing their unique identification, for example in one of the ways described 
above. 

The voter also provides further verification details such as a PIN or password to a 
30 level dependent on the security levels of the election system. The registered voter 

database 16 is then searched to locate a record matching all the details provided by the 
prospective voter. 
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If no matching record is found, the user is given the option to re-submit their 
registered details, return to the title page of the election or exit. If the details provided 
by the user accord with a record in the registered voter database the user is verified as 

5 a registered voter and a log-in session with a session identifier is created for that voter. 
The voter is then advanced to the next stage of the election procedure. At this point 
the host server retrieves an appropriate list of candidates from the electoral database 
17, and causes the list to be displayed at the registered voter's browser. The list of 
candidates retrieved from the electoral database 17 may be a standard list for all voters 

1 0 or may be determined using suitable look-up tables stored in the electoral database 1 7. 
In order to determine the list of candidates appropriate for a registered voter, it may be 
necessary for the host server 12 to access the registered voter's record and equate 
specific details of the voter with a list of candidates. For example, the voter's address 
can be used to retrieve the list of candidates for the electorate that the voter belongs to. 

15 

With a list of candidates displayed on the user browser, the registered voter is able to 
indicate their vote in a known manner, for example by selecting their choice of 
candidate with an attached mouse device of the browser or by touch pad. Depending 
on the rules of the election the voter may be able to select their most preferred 

20 candidate or select candidates in a preferential order. When a voter is satisfied with 
their vote, a tool can be selected to submit the vote indicated at the user browser to the 
host server. Once the submit tool is chosen, the vote information indicated by the 
registered voter is transferred in a known manner using standard protocols from the 
voter's interface to the host server. To allow the identity of the voter who submitted 

25 the vote to be determined by the host server, the vote information may be submitted 
with the unique identifier of the voter. Alternatively, the voter identity may be 
determined by the host server from the log-in session identifier. As a first stage of 
receiving the vote the host server checks the vote status field of the voter's record to 
ensure that the voter has not previously submitted a vote for the particular election and 

30 checks the vote to ensure it has been submitted in an acceptable form. An acceptable 
form may be that only one candidate has been indicated or that the candidates have 
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been sequentially numbered to show the preferences of the voter. If a vote is rejected 
the voter is informed and allowed to re-cast their vote. 

Once the form of a vote has been checked and approved the host server informs the 
5 voter that their vote has been successfully submitted, and the voter is then free to 
terminate the log-in session. The host server then uses either the log-in session 
identifier or the voter identifier if submitted with the vote, to determine the identity of 
the voter and update the voter's record to change the value in the vote status field from 
a 0 to a 1 to indicate that the voter has submitted a valid vote. At the same time, the 
1 0 host server 1 2 removes all specific voter identification from the vote, including the 
voter's unique identifier and log-in session identifier, and passes the vote to the 
registered vote database 1 8. The vote is then stored in the appropriate division of the 
registered vote database 1 8 which may be determined from information passes with 
the vote by the host server or from information integral with the vote itself For 
1 5 example, the host server may explicitly tag a vote as belonging to a particular 

electorate, or the electorate may be implicit in the list of candidates associated with 
the vote. 

At the conclusion of the election, the host server 12 runs a software application to tally 
20 all votes stored in the vote database and generate reports based on the result. The 
tallying system may be adapted to tally the votes according to a preferential or 'two 
party preferred" voting system. Where, after at least a portion of the votes have been 
tallied, it is not possible for a particular candidate to win, the votes of the voters who 
indicated that candidate are distributed to the other candidates in accordance with the 

25 preferences of those voters. The tallying system may further include a means to 

assign a weighting to a voter's preferences, as is done in, for example, the Australian 
Senate Elections. Alternatively the votes may be tallied according to a "first past the 
post" system wherein the successful candidate is deemed to be the one with the most 
primary votes out of all candidates. After the vote is tallied a report is generated of 

30 the result and made available for viewing on the computer networic through the host 
server. 
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Once voting in an election has ceased, the election system can be used to determine 
those registered voter's who voted and those that did not by searching the vote status 
field of all records in the registered voter database 16. If voting in an election is 
compulsory, the host server can automatically generate a list of voters who did not 
5 participate, and can further generate notices that a fine is payable and issue these 
notices to non-participating voter's by electronic mail using the mail address in a 
voter's record 

The general database 15 preferably includes an on-line fine payment form whereby a 
10 fined user can pay their fine using the computer network. The voter accesses the 
payment form through the user browser/host server connection and provides their 
financial account details, for example their credit card number and expiry date. The 
election system then retrieves these details and, using a secure electronic link 23 to a 
financial network 21 through a firewall 22, transfers the amount of the fine from the 
IS user's account to one or more financial accounts authorised to receive the fine 

payments. The voter's account information is then deleted from the election system 
and the voter's record flagged as having paid the fine. The flag may include a receipt 
that is issued, preferably electronically, to the user. The fine payment system may be 
implemented using any appropriate e-commerce engine such as the Transact™ engine 
20 developed by Open Market Inc. Once all fines have been issued and paid, the host 
server runs an application to reset the vote status fields of all records to a 0 so that the 
databases are then ready to be used for further elections. 

Preferably it is possible to vaiy the amount or type of information that a user must 
25 provide in order to be registered. In this way the election system can be adapted to 
conduct elections for several different organisations by catering to the particular needs 
of each organisation. 

The election system is most suitably implemented using the world wide web. This 
30 allows it to be accessed from most places around the word, including a person's home 
or office or at a polling booth having online facilities, at a relatively cheap cost. The 
election can therefore be conducted at minimum inconvenience to voters. The 
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election system may have a central web site and several mirror sites in order that it can 
handle the high level of use it could potentially receive during an election. The web 
site may contain additional links to election related web sites such as those for the 
candidates. 

5 

The information stored in the election system, in particular the registered voter 
database may be encrypted so that it can be viewed only by persons having the 
appropriate security clearance. It is also preferable that the user browser be able to 
support encryption technology to a level depending upon the security requirements of 
1 0 the particular election being conducted. For a government election, it is preferred that 
the communications between the host server and user browser be protected by 128 bit 
encryption software or better, running on a public/private key exchange system. 

The host server may include a proprietary plug-in encryption system stored in the 
1 5 general database 1 5 that can be downloaded to a user's browser if the security systems 
on the browser are inadequate. 

The above embodiment has been described with reference to an election conducted 
over a wide area network such as the internet. Such an application is suitable for 
20 conducting large scale elections, for example the election of government officials. 

If an election is to be held on a smaller scale, for example within an organisation, the 
online election system may be implemented on a local area network. In this case the 
host need only run a local server application with the user browsers forming part of 
25 the local internet, that is, they are hard wired into the network. In this situation the 
optional fine payment system will not be able to be employed without the host server 
running a software application allowing it to link with a wider network, but for small 
scale elections, this feature is unlikely to be necessary. 

30 The election system as outlined above is suitable for electing representatives for 
governments, councils, businesses, societies, etc. The confidentiality of a person's 
vote is ensured because once a person's vote is submitted, it is stripped of any voter 
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identification and the vote is stored in a separate unlinked database so that the vote 
cannot be correlated to the voter who submitted it. 

An election conducted on-line can save on resources required for ballot papers, 
5 candidate information, how-to-vote cards and the like, all of which can be provided 
via the computer network. The on-line election system can also save on human 
resources because there is no need for people to staff polling booths, tally the vote or 
act as scrutineers. An added advantage is that many sources of human error can be 
removed. 

10 

An on-line election also provides convenience to the electorate because they do not 
have to attend a polling booth. This is particularly useful for people such as the 
disabled and their carers, and people who would otherwise have to travel large 
distances to attend a polling booth. In addition, the current postal vote and absentee 
1 5 systems could be made obsolete because access to the on-line election would merely 
require a computer with a modem attachment and could occur from almost anywhere 
worldwide. 

While particular embodiments of this invention have been described, it will be evident 
20 to those skilled in the art that the present invention may be embodied in other specific 
forms without departing from the essential characteristics thereof* The present 
embodiments and examples are therefore to be considered in all respects as illustrative 
and not restrictive, the scope of the invention being indicated by the appended claims 
rather than the foregoing description, and all changes which come within the meaning 
25 and range of equivalency of the claims are therefore intended to be embraced therein. 
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CLAIMS 

L An online election system including a computer network having a host server 
5 and a plurality of user interfaces, said system further including: - 

a registered voter database accessible by said host server and containing voter 

identification records for a plurality of registered voters; 

a voter verification system including means to receive personal identification 

information provided by a user at a user interface and means to determine if 
1 0 said user is a registered voter by matching said personal information provided 

by said user to a record contained in said registered voter database; 

means to display at a user interface election information including a list of 

election candidates; 

means by which a registered voter can indicate their vote at the user interface; 
1 5 means by which a registered voter can submit their vote from the user interface 

to the host server; 

means to prevent a registered voter from submitting more than one vote; 
means for tallying a plurality of votes submitted by a plurality of registered 
voters; 

20 wherein when a vote is received at the host server all voter identification is 

removed from the vote, the vote is passed to the means for tallying and the 
registered voter who submitted the vote is flagged as having voted. 

2. An online election system including a computer network having a host server 
25 and a plurality of user interfaces, said system further including:- 

a registered voter database accessible by said host server and containing voter 
identification records for a plurality of registered voters; 
a voter verification system including means to receive personal identification 
information provided by a user at a user interface and means to determine if 
30 said user is a registered voter by matching said personal information provided 

by said user to a record contained in said registered voter database; 
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10 

3. 

15 

4. 



20 

5. 



6. 

25 



30 7. 



13 

means to display at a user interface election information including a list of 
election candidates; 

means by which a registered voter can indicate their vote at the user interface; 
means by which a registered voter can submit their vote from the user interface 
to the host server, 

means to prevent a registered voter from submitting more than one vote; 
means for tallying a plurality of votes submitted by a plurality of registered 
voters; 

wherein said system stores submitted votes independently of said voter records 
such that a voter cannot be correlated to their respective vote. 

An online election system according to claim 1 or 2 wherein said means for 
tallying includes a vote database that receives and stores votes submitted by 
said plurality of voters. 

An online election system according to claim 3 further including at least one 
further database storing information to be displayed at a user interface, 
including at least one list of candidates. 



An online election system according to claim 1 or 2 wherein each voter record 
includes a field containing a unique identifier. 

An online election system according to claim 1 or 2 further including a 
registration system including means by which a user may provide personal 
details through a user interface to said host server, and means for creating a 
record in said registered voter database corresponding to said user including 
said personal details. 

An online election system according to claim 6, said registration system 
further including means to assign a unique identifier to said user and to store 
said unique identifier in said user's record. 
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8. An online election system according to claims 6 or 7 wherein said computer 
network includes at least one electronic link to an external database containing 
one or more personal details of a user, said registration system including 

5 means to search said external database to verify said personal details of a user. 

9. An online election system according to claims 1 or 2 further including means 
to encrypt communications between said host server and said user interfaces. 

10 10- An online election system according to claim 1 wherein the list of candidates 
displayed at a user interface is determined from one or more details contained 
in a registered voter's record. 

11. An online election system according to claim 1 0 wherein the one or more 
1 5 details include the registered voter's electorate. 

12. An online election system according to claim 10 wherein the one or more 
details includes the registered voter's address. 

20 13. An online election system according to claim 1 or 2 wherein when a vote is 
received at said host server said vote is checked to determine if said vote is in 
an acceptable form before said vote is passed to said means for tallying. 

14. An online election system according to claim 1 wherein said voter 

25 identification records include a vote status field and a voter is flagged as 

having voted by changing a value stored in said vote status field. 

15. An online election system according to claim 1 or 2 further including means to 
determine, after the conclusion of an election, those registered voters that did 

30 not submit an acceptable vote and means to notify the registered voter's that 

did not submit a valid voter that a fine is payable. 
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1 6. An online election system according to claim 1 5 further including a fine 
payment system including means for a user to provide financial account details 
of said user to said host server through a user interface and means for said host 
server to access an electronic financial network to cause a financial amount to 

5 be transferred from said user financial account to a financial account 

authorised to receive fine payments. 

17. An online election system according to claim 1 6 further including means to 
issue a receipt in respect of said financial amount to said user by electronic 

10 mail. 
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